CIT Accomplishments and Plans - Computing at Cornell - Cornell ...

Recommendations

Info

16 Safeguarding Cornell’s Computers, Networks, and Data The IT Security Office is charged with ensuring the security and integrity of the university’s computer systems, networks and data, while maintaining an IT environment that is supportive of Cornell’s academic mission and culture. The office takes a lead role in developing campus security architecture, policies, standards and practices. Focus this year has primarily been on increasing awareness and application of computer security policy and practices by the campus community, providing an Active Directory service for new Exchange email and departmental use, and confidential data identification and management practices. Raising Computer Security Awareness This year we launched a campaign to increase awareness around security concerns and foster a culture of personal responsibility . As part of this effort, a new PDF e-book, Computer Security at Cornell: Secure Your Computer On and Off Campus, was developed and made available to faculty and staff . The material in the handbook also formed the basis of a revised security web site on Computing at Cornell . The e-book, which has been downloaded more than 1,900 times since February 2009, is full of quotes, links to trusted sites, analogies, and news articles to help teach faculty and staff: ▪ Why secure computing is your responsibility ▪ How to recognize and respond to possible security problems ▪ How to protect your identity ▪ How to protect university data ▪ How to secure the computer you use at Cornell ▪ Internet safety ▪ Secure computing practices when working off campus Both the handbook and the web site include everything most people need to know about the new security requirements that are being introduced in Policy 5 .10, Information Security . Other educational and awareness materials, such as a public lab computer desktop image alerting students to the risk of falling for phishes, and a postcard reminding faculty and staff to set their NetID security questions are part of the cit.cornell.edu/security/index.cfm greater campaign to continue to keep messages about computer security on people’s minds . As part of National Cyber Security Awareness Month, Cornell also welcomed other universities to use the computer security e-book as a resource for the development of additional campus awareness and educational materials . Don’t Click That The IT Security Office has developed a one-hour presentation entitled “Don’t Click That .” Aimed at non-technical audiences, this interactive session discusses various risks to university data, the current state of Internet crime, and how to avoid attempts to defraud over the Web or electronic mail . The seminar is available to interested departments . Email security-services@cornell.edu for information .
17 Data Discovery Tools To support both the campus-wide data discovery effort and CIT IT Security incident response and analysis, Spider 2008 and IdentityFinder have been made available to the campus community . Spider 2008 is a fundamental redesign of Spider software we’ve had for years . In contrast to previous versions, which were built around an IT-directed scan model, Spider is a self-service system . End-users should be able to scan their own machines and take whatever remedial actions are appropriate . The redesign of Spider is an outgrowth of interest from Cornell and other Spider user sites to develop something usable by a casual person, with minimal IT support . Featurewise, Spider 2008 is complete . Several universities have expressed an interest in centralized reporting, though . For more information, see cit.cornell.edu/services/spider/ . In addition to updating Spider for end-user availability, we licensed approximately 10,000 copies of IdentityFinder for both PC and Mac . With powerful centralized reporting, excellent Outlook integration, and easy deployment, IdentityFinder significantly augments our data discovery and incident response capabilities . For more information, see cit.cornell.edu/services/idfinder/ . Enhancements to Campus Incident Response Program Previously, when a system was compromised, IT Security was required to capture an image of the entire drive, run Spider on that image, search for signs of malware, and then laboriously go through a process to gauge risk of data loss . This process could disrupt a department’s work, because it would often keep a machine out of service for several days . Additionally, modern varieties of malware are significantly smarter and more flexible than when our procedures were developed . When a system that may hold confidential data is compromised, we’re obligated to analyze the affected system to help inform DIRT (Data Loss Incident Response Team), a group representing various campus offices that decides what action the university should take in the event of a data breach . An ongoing project within IT Security is to develop a new process that should allow us to gather more data, faster, while minimizing our impact on department operations . This new process also means we quickly get an accurate, informative alert to DIRT . “Flush the Phish” awareness materials remind students to keep their NetIDs private . Easier Password Management The password complexity requirement was first implemented in 2005 . Since then, Cornell’s alumni and trustee community have been brought on board with the use of NetIDs to access Cornell services . Feedback provided from those customers and the offices serving them demonstrates that coming up with a password that meets the requirements can be challenging and even frustrating . We began looking at ways to ease this task without sacrificing the added security of complex passwords . The changes made involved giving the user immediate feedback as they enter the characters that make up the password . Users can tell at any time during the process which requirements they have yet to meet . Previously they would have to submit the proposed password before they received a “pass/ fail” report . We also modified the restriction on dictionary words to make the use of passphrases possible . Some people find creating a password that is associated with a phrase (a passphrase) easier to remember . By virtue of its length, a passphrase is stronger than a password . If the dictionary word is less than five characters or makes up less than forty percent of the passphrase, it will be accepted . The use of complex passwords is an integral part of keeping university data and individual identities safe . Simplifying their use will add strong support for this security practice .
Page 1 and 2: CIT Accomplishments and Plans Corne
Page 3 and 4: Vice President for Information Tech
Page 5 and 6: 5 Building Partnerships to Meet Uni
Page 7 and 8: 7 Summer Seminar Examines the Impac
Page 9 and 10: 9 Developing Contemporary Systems k
Page 11 and 12: 11 Piloting OBIEE+: A New Business
Page 13 and 14: 13 Enhancing Academic Technologies
Page 15: 15 Online Videos of Classes and Sem
Page 19 and 20: 19 Building a Policy Foundation for
Page 21 and 22: 21 Improved Cell Coverage On Campus
Page 23 and 24: 23 Responding to Change and Contain
Page 25 and 26: Total Cost of CIT Programs and Serv

CIT Accomplishments and Plans - Computing at Cornell - Cornell ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?